Dark Web Informer - Cyber Threat Intelligence

Alleged Sale of Access to Compromised Italian E-Commerce Shop

📖 Overview

A threat actor is advertising unauthorized access to a Prestashop-based online store in Italy. The listing includes Shell and Adminer access, with reported transaction volumes ranging between 2,000 and 4,700 monthly orders. Such access could allow attackers to manipulate the store, steal customer payment information, or deploy malicious redirects.


📌 Key Details

  • Victim Country: Italy
  • Industry: E-commerce & Online Stores
  • Victim Organization: Unknown
  • Victim Site: Unknown
  • Threat Actor: kqu
  • Network: openweb
  • Category: Initial Access
  • Severity: Medium
  • Access Type: Prestashop platform with Shell and Adminer access
  • Traffic Metrics: 38K Ahrefs
  • Transaction Volumes:
    • August: 2,096 orders
    • July: 4,751 orders
    • June: 3,893 orders
    • May: 4,719 orders
  • Price Structure: Start $1,900 • Step $200 • Blitz $5,000 • PPS 24 hours

🧩 TTPs (MITRE ATT&CK Mapping)

  • TA0001 Initial Access: Exploitation of web applications and CMS platforms
  • TA0009 Collection: Theft of customer payment data and order records
  • T1078 Valid Accounts: Abuse of Shell/Adminer access for persistence
  • TA0010 Exfiltration: Extraction of financial and PII data
  • TA0040 Impact: Website manipulation, fraud, or malware injection

👤 Threat Actor Profile: kqu

Summary

  • Total Matches: 1
  • First Seen: 2025-08-27
  • Last Seen: 2025-08-27
  • Data Start: 2024-10-02
  • Countries: Italy
  • Industries: E-commerce & Online Stores

📊 Threat Actor Activity

| Date | Country | Sector / Industry | Type | Target / Access | Network |
|---|---|---|---|---|---|
| 2025-08-27 | Italy | E-commerce & Online Stores | Initial Access | Compromised Prestashop-based shop access | openweb |

🚨 Potential Risks

Access to a live e-commerce store lets attackers harvest payment card details, redirect traffic to malicious domains, or alter checkout flows for fraud. It also creates reputational and regulatory risk for the affected business through lost customer trust and potential GDPR violations.


Recommended actions:

  • Immediately audit Prestashop deployments for unauthorized Shell/Adminer access
  • Rotate all administrator credentials and enforce MFA
  • Review order logs for anomalies or fraudulent activity
  • Monitor for malicious redirects, injected scripts, or altered checkout flows
  • Segment database access to limit exposure of payment and PII data
  • Conduct forensic analysis to determine how the compromise occurred
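
One way to begin the first audit item is to review web server access logs for Adminer being served and for PHP executing from directories that should only hold static files. The script below is an added example, not part of the original post; the combined log format, the directory list (`img`, `upload`, `download`), the file name `thumb.php` and the sample log lines are all assumptions constructed for illustration.

```python
import re

# Apache/Nginx combined log format: ip - user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Adminer ships as a single PHP file, commonly adminer.php or adminer-<version>.php.
ADMINER_RE = re.compile(r'/adminer[\w.\-]*\.php', re.I)
# Assumption: these directories should only ever serve static files.
STATIC_PHP_RE = re.compile(r'^/(img|upload|download)/.*\.ph(p\d?|tml|ar)(\?|/|$)', re.I)


def audit(lines, trusted_ips=frozenset()):
    """Return (line_no, ip, reason, path) for each request worth reviewing."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _ts, _method, path, status = m.groups()
        if int(status) >= 400:
            continue  # not served: file absent or blocked, usually scanner noise
        if ADMINER_RE.search(path) and ip not in trusted_ips:
            findings.append((n, ip, "adminer-served", path))
        elif STATIC_PHP_RE.match(path):
            findings.append((n, ip, "php-in-static-dir", path))
    return findings


# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Aug/2025:10:01:12 +0200] "GET /index.php?controller=order HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [27/Aug/2025:10:02:40 +0200] "POST /adminer.php?server=localhost HTTP/1.1" 200 8342 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [27/Aug/2025:10:03:05 +0200] "POST /img/cms/thumb.php HTTP/1.1" 200 211 "-" "curl/8.0"',
    '192.0.2.50 - - [27/Aug/2025:10:04:00 +0200] "GET /adminer-4.8.1.php HTTP/1.1" 404 150 "-" "scanner"',
    '203.0.113.7 - - [27/Aug/2025:10:05:00 +0200] "GET /img/logo.jpg HTTP/1.1" 200 40211 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Any hit is a lead for the forensic review, not proof of compromise; pass known administrator addresses as `trusted_ips` to suppress expected Adminer use.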

💡 Final Thoughts

E-commerce platforms continue to be lucrative targets because they handle direct financial transactions and sensitive customer data. Even smaller shops with thousands of monthly orders can be exploited for significant fraud campaigns. Proactive hardening of CMS platforms, coupled with strong monitoring and access controls, is essential to prevent these types of breaches.
